Was wondering why PUN seems to have a bad reputation for cheat prevention? And/or why other networking options are more secure?
The best way to prevent most cheats is to not trust data on the game clients. The best way to not trust data on the game clients is to only take inputs from the clients, do everything meaningful to the game simulation on the server, and send the results to the clients. The best way to do that is if you control the server. That is referred to as an authoritative dedicated server architecture.
PUN typically uses a client side approach though. The clients are in charge of the data (either all the clients in charge of their own data, or a host client). Any part of the simulation under the control of a client is a potential avenue for hacking.
That doesn’t mean a dedicated server approach is automatically superior though. Setting up your own servers can be expensive, time consuming, and doesn’t scale well in comparison to your players’ computers doing all the work. So cheat mitigation through a dedicated server approach is just another design decision to consider.
1 Like
@Joe-Censored hit the nail on the head, if you would worried about hacking/cheat and wanted an authoritative dedicated server design you wouldn’t be using PUN. No sense adding a middle man to just add latency to your game because if I understand it correctly your client would connect to PUN then PUN to Auth server (Probably Unity Headless Server), server back to PUN, then PUN to the client. So you’re pretty much doubling round trip time just to run a locked-down server when there are better solutions if you going the auth server route.
1 Like
It’s also probably worth noting that even having an authoritative won’t in itself prevent advanced cheating techniques.
Even large studios can struggle to deal with cheaters in a pvp game once it becomes popular, H1Z1 Just Survive is a good example.
2 Likes
Exactly, a dedicated server isn’t an anti-cheat silver bullet.
1 Like